CVE-2022-31192

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-31192
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31192.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-31192
Aliases
Published
2022-08-01T20:30:36Z
Modified
2025-11-19T09:12:01.352040Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L CVSS Calculator
Summary
Cross Site Scripting possible in DSpace JSPUI "Request a Copy" feature
Details

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form. This means that item requests could be vulnerable to XSS attacks. This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific 
{
    "cwe_ids": [
        "CWE-79"
    ]
}
References

Affected packages

Git / github.com/dspace/dspace

Affected ranges

Type
GIT
Repo
https://github.com/dspace/dspace
Events
Introduced
0fea17436854acf9048b0e11fbf988333ea02956
Fixed
66647c7bf939b202a4872d4c5ebda23bc62e807f
Database specific 
{
    "versions": [
        {
            "introduced": "6.0"
        },
        {
            "fixed": "6.4"
        }
    ]
}
Type
GIT
Repo
https://github.com/dspace/dspace
Events
Introduced
d34e7b89a30b5ffd35556d6fe8936e5d8659415d
Fixed
d1795b598aa78c37cade6fbc83c8e4141f865a6e
Database specific 
{
    "versions": [
        {
            "introduced": "4.0"
        },
        {
            "fixed": "5.11"
        }
    ]
}

Affected versions

dspace-4.*

dspace-4.0

dspace-5.*

dspace-5.0
dspace-5.0-rc1
dspace-5.0-rc2
dspace-5.0-rc3
dspace-5.1
dspace-5.10
dspace-5.2
dspace-5.3
dspace-5.4
dspace-5.5
dspace-5.6
dspace-5.7
dspace-5.8
dspace-5.9

dspace-6.*

dspace-6.0
dspace-6.1
dspace-6.2
dspace-6.3